Security audit

组合设计师

Security checks across malware telemetry and agentic risk

Overview

This is a document-only portfolio design skill; its investment examples need caution, but it does not install code, access accounts, or perform trades.

Treat the portfolio outputs as educational examples, not personalized financial, tax, or legal advice. Before acting on any allocation or ETF suggestion, consider your jurisdiction, liquidity needs, fees, taxes, risk tolerance, and consult a qualified adviser when appropriate.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The file gives concrete asset-allocation and fund recommendations, including percentages, amounts, named ETFs, and rebalancing instructions, but does not state that the material is general educational content rather than personalized financial advice. In a portfolio-design skill, users are likely to treat this as actionable advice, which increases the risk of unsuitable decisions, regulatory exposure, and user harm if the recommendations are applied without considering jurisdiction, suitability, liquidity needs, or tax consequences.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal